Sarbanes-Oxley and Bribery: Compliance Tips for Public Companies
The Sarbanes-Oxley Act (SOX) was passed in 2002 after a string of major corporate accounting scandals involving companies like Enron and WorldCom. The goal of SOX was to protect investors by improving the accuracy and reliability of corporate disclosures and financial reporting. While SOX applies mainly to public companies, some provisions also apply to private companies.
One key area that SOX addresses is bribery and corruption. Under SOX, public companies are required to have strong internal controls and procedures to prevent and detect bribery. They must also properly disclose any material violations of anti-bribery laws. Failure to comply can result in stiff penalties.
In this article, we’ll provide an overview of SOX bribery provisions and offer some practical tips to help public companies ensure compliance.
SOX Anti-Bribery Provisions
Several sections of SOX directly or indirectly address bribery and corruption issues:
- Section 302 requires CEOs and CFOs to certify that they have established and maintained internal controls around financial reporting and regularly evaluated their effectiveness. This includes controls to prevent bribery.
- Section 404 requires companies to annually assess the effectiveness of internal controls over financial reporting. Bribery controls must be part of this.
- Section 802 prohibits altering, destroying, or falsifying records to impede or influence a federal investigation. This includes bribery probes.
- Section 1102 prohibits retaliation against whistleblowers who report suspected illegal acts, such as bribery.
In addition to SOX, public companies are subject to the Foreign Corrupt Practices Act (FCPA), which prohibits bribing foreign officials. SOX and FCPA compliance go hand-in-hand.
Bribery Compliance Best Practices
Here are some tips to help public companies ensure SOX compliance around bribery controls:
Conduct Regular Bribery Risk Assessments
A key first step is to regularly assess bribery risks across your business. Consider factors like countries of operation, interactions with government officials, use of third parties, gifts and entertainment policies, etc. Update assessments whenever risks change.
Review and Enhance Anti-Bribery Policies
Examine your existing anti-bribery and anti-corruption policies. Update them to address any gaps or new risks identified in assessments. Ensure policies are comprehensive and provide clear rules and guidelines for employees.
Strengthen Internal Controls
Your controls should address key risk areas like vendor and partner due diligence, training, monitoring and auditing, investigations, etc. Controls should be well-documented and periodically tested for effectiveness.
Conduct Anti-Bribery Training
Training helps employees understand policies and comply with controls. Provide training to high-risk groups like sales, procurement, finance, etc. Include case studies and scenarios tailored to your business. Require periodic refresher courses.
Perform Due Diligence on Third Parties
Third parties like agents, consultants and distributors can expose you to bribery risks. Do thorough due diligence before and during relationships. Include background checks, document reviews, interviews, anti-bribery certifications, audit rights, etc.
Monitor Transactions for Red Flags
Watch for suspicious activities that may indicate bribery, like large payments to shell companies, vendors in corruption-prone countries, inflated invoices, unusual gifts or entertainment, etc. Investigate red flags promptly.
Regularly Audit and Monitor Compliance
Conduct audits to verify bribery program effectiveness and compliance with policies and controls. Focus on high-risk business units and activities. Review expense reports, invoices, gifts/entertainment logs, etc. Perform targeted monitoring based on risk assessments.
Investigate Bribery Allegations Thoroughly
Have procedures for investigating alleged violations, including anti-retaliation protections for whistleblowers. Involve legal counsel to ensure confidentiality and privilege. Impose discipline if wrongdoing occurred.
Correct Weaknesses Promptly
If audits or investigations reveal control gaps or policy violations, take timely corrective action. Enhance controls, improve training, discipline employees, etc. as needed. Report material violations as required.
The Costs of Non-Compliance
The risks of non-compliance with SOX bribery provisions include:
- SEC investigations and penalties
- Shareholder lawsuits and loss of investor confidence
- Criminal charges under FCPA
- Harm to company reputation and brand
For example, in 2016, the SEC charged Anheuser-Busch InBev with violating FCPA anti-bribery provisions and the accounting and internal controls provisions of SOX. The company agreed to pay $6 million to settle the charges.
In 2014, Avon Products pleaded guilty to conspiring to violate FCPA and paid over $135 million in criminal and regulatory penalties. The SEC said Avon lacked sufficient internal controls required by SOX to detect and prevent bribery.
The Benefits of Robust Compliance
While bribery compliance requires commitment and resources, the benefits include:
- Protection from legal liability and penalties
- Avoidance of criminal charges
- Stronger financial reporting and investor trust
- Enhanced company reputation
- Ability to win business ethically
- Greater employee morale and engagement
Robust SOX anti-bribery compliance shows investors, regulators, partners and employees that you are committed to ethical business practices. It’s not just a requirement – it’s good business.
Conclusion
Preventing bribery is a key responsibility for public companies under SOX. Developing a strong anti-bribery program requires assessing risks, updating policies, strengthening controls, training employees, monitoring operations and investigating issues. Compliance takes commitment but pays dividends in the long run.